[Security Solution][Alerts Detail] - fix missing investigated alert i…
…d when fetching all alerts for the details panel alerts tab (elastic#206873)

## Summary

This PR fixes an issue in the session view detailed panel alerts tab
when used in the expandable flyout.

As can be seen in the screenshot below, when used in the alerts table, the
detailed panel alerts tab renders the investigated alert if it is
available.

![Screenshot 2025-01-15 at 3 39
19 PM](https://github.com/user-attachments/assets/56c52527-ec75-425b-8152-aa8f0581401b)

But when rendered in the expandable flyout the investigated alert is not
always rendered.

![Screenshot 2025-01-15 at 3 38
56 PM](https://github.com/user-attachments/assets/9e5256df-a022-48b9-a8ba-dbfb79a9e5ff)

The issue came from a mistake made in [this previous
PR](elastic#200270) that aimed at
extracting the session view detailed panel in the expandable flyout
preview panel. Specifically [this
line](https://github.com/elastic/kibana/pull/200270/files#diff-1f5a98dfb88e0067b1557ae15325887e48f561b35a0f99989360efea7f4aa6adR33)
where I hardcoded the `investigatedAlertId` to `undefined`. I believe
this happened during an early stage of the development where I just wanted
to get things to run. Then when I made the `investigatedAlertId`
available via the session view panel context, I forgot to come back and
replace the `undefined`...

When looking at the network tab, I see 2 calls to the
`internal/session_view/alerts` endpoint:
- the first one made when opening the session view component the first
time contains the `investigatedAlertId` value and returns more data
![Screenshot 2025-01-15 at 3 37
25 PM](https://github.com/user-attachments/assets/a4c67afd-0c8c-4048-83b7-f19c621ff73f)
![Screenshot 2025-01-15 at 3 37
36 PM](https://github.com/user-attachments/assets/3efcbbaf-ca92-4c96-bda3-d44153f5cbbd)
- the same call made when navigating to the detailed panel alerts tab
only has `undefined` and returns less data
![Screenshot 2025-01-15 at 3 37
29 PM](https://github.com/user-attachments/assets/74409e70-67cc-4c3c-be17-32bf5d6ae10f)
![Screenshot 2025-01-15 at 3 37
42 PM](https://github.com/user-attachments/assets/34e2d631-5be2-4ebe-92f5-e07139f03a83)
 
### How to test

- make sure the `securitySolution:enableVisualizationsInFlyout` advanced
setting is turned on

Co-authored-by: Paulo Silva <[email protected]>
2 people authored and viduni94 committed Jan 23, 2025
1 parent 5c3912b commit ee3a718
Showing 1 changed file with 2 additions and 1 deletion.
Expand Up @@ -25,12 +25,13 @@ import { useSessionViewPanelContext } from '../context';
export const AlertsTab = memo(() => {
const { eventId, indexName, investigatedAlertId, sessionEntityId, sessionStartTime, scopeId } =
useSessionViewPanelContext();

const {
data: alertsData,
fetchNextPage: fetchNextPageAlerts,
isFetching: isFetchingAlerts,
hasNextPage: hasNextPageAlerts,
} = useFetchSessionViewAlerts(sessionEntityId, sessionStartTime, undefined);
} = useFetchSessionViewAlerts(sessionEntityId, sessionStartTime, investigatedAlertId);

// this code mimics what is being done in the x-pack/plugins/session_view/public/components/session_view/index.tsx file
const alerts = useMemo(() => {
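Review bot: The corrected third argument in `useFetchSessionViewAlerts(sessionEntityId, sessionStartTime, investigatedAlertId)` ships without a regression test, since the commit shows one changed file with 2 additions and 1 deletion. A unit test for `AlertsTab` that mocks `useSessionViewPanelContext` and asserts the hook is called with the context's `investigatedAlertId` would stop a hardcoded `undefined` from returning unnoticed. The comment below the call says this block mimics `session_view/index.tsx`; sharing the hook arguments through one helper, or at least noting in that comment that `investigatedAlertId` must be forwarded, would keep the two call sites from drifting apart again.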